Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update

The remote Windows host is missing security update 4511553. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could...

PT-2019-2978 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to the way the scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the...

PT-2019-12244 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists in the way the scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the curren...

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1139)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1140)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update

The remote Windows host is missing security update 4512517. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this...

KB4512508: Windows 10 Version 1903 August 2019 Security Update

The remote Windows host is missing security update 4512508. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could...

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1196)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

July 9, 2019—KB4507458 (OS Build 10240.18275)

July 9, 2019—KB4507458 OS Build 10240.18275 For more information about the various types of Windows updates, such as critical, security, driver, service packs, etc., please see the following article. July 19, 2019 - IMPORTANT: Beginning with the July 2019 updates, Active Directory domain...

CVE-2019-1107

CVE-2019-1107 concerns a remote code execution in Microsoft Edge via the Chakra scripting engine’s in-memory handling. The connected docs (GitHub advisories GHSA entries) reference an Out-of-bounds write/memory corruption in Chakra as the underlying issue and identify Edge/chakra as affected, ali...

CVE-2019-1106

Technical details for CVE-2019-1106 are not publicly provided in the supplied documents. No concrete information on affected products, versions, root cause, impact, or fixes is available here. Monitor for updates from official advisories.

CVE-2019-1103

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107...

CVE-2019-1103

Technical details for CVE-2019-1103 are not publicly available in the provided connected documents. Monitor for updates from the connected sources (e.g., EUVD/GHSA advisories) for any concrete details.

CVE-2019-12551

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function provided by the scripting engine allows an attacker to overwrite arbitrary memory, which could lead to code execution...

CVE-2019-14215

The vulnerability CVE-2019-14215 affects Foxit PhantomPDF before 8.3.11, where calling xfa.event.rest in XFA JavaScript can crash the application due to accessing a wild pointer. Affected component: PhantomPDF’s XFA/JavaScript handling. Impact stated as crash (partial availability impact per CVSS...

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103 and...

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106 and...

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. This CVE ID is different from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106 and...